Duqu worm looms as 'next big cyber threat'

The Duqu computer worm wiggled into the spotlight late last month. Here's what you can do to make sure Duqu doesn't infect your machine.

By Matthew Shaer, November 3, 2011

The Duqu computer worm could be the 'next big cyber threat.' Pictured, cyber security analysts that are part of the defense team watch their computers during a mock exercise at the Department of Homeland Security's secretive cyber defense training facility at Idaho National Laboratory which is intended to protect the nation’s power, water and chemical plants, electrical grid and other facilities, Friday, Sept. 30, 2011, in Idaho Falls, Idaho.

Mark J. Terrill/AP/FILE


According to a new report, Duqu, a computer worm first detected late last month, may be using a hole in the Windows operating system to spread from machine to machine. Over at Symantec, Vikram Thakur identifies the Duqu installer file as a simple Word document, which, once downloaded, allows the Duqu worm to wiggle its way deep into your hard drive.

"The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution," Thakur wrote yesterday on the Symantec site. "We contacted Microsoft regarding the vulnerability and they're working diligently towards issuing a patch and advisory. When the file is opened, malicious code executes and installs the main Duqu binaries."

Translation: Open the file, and lose control of your machine. Thakur says that Duqu infections have been reported by six unnamed organizations in eight countries, including France, the Netherlands, Switzerland, India, and Ukraine. Meanwhile, security vendors in the United Kingdom have also reported possible Duqu infections. Duqu, Reuters notes today, may be the "next big cyber threat."

Of top concern to many security analysts is the similarity between Duqu and Stuxnet, a 2010 bug which targeted industrial computer networks. Speaking to Reuters, Symantec researcher Kevin Haley said that Duqu and Stuxnet share source code – an indication that the same group that created Stuxnet may have created Duqu, too.

So what can you do to avoid Duqu? Well, for one, don't open Word docs sent from unfamiliar email addresses. "Unfortunately," Thakur writes, "no robust workarounds exist at this time other than following best practices, such as avoiding documents from unknown parties and utilizing alternative software. Fortunately, most security vendors already detect and block the main Duqu files, thereby preventing the attack."

Better update your security software regularly.
